Archive for the ‘Python’ Category

I found a couple of interesting little tidbits while going through the “Cisco 2014 Annual Security Report”. Before I begin, disclaimer and explainer: keep in mind that I am a contractor for Cisco. However, the 2014 Report is not a Cisco internal document, but is available to the public. You can download it here, though you do have to enter your name and an email address.

Things that I found interesting:

Ninety-nine percent of all mobile malware in 2013 targeted Android devices. Android users also have the highest encounter rate (71 percent) with all forms of web-delivered malware.

You. Don’t. Say.

Spam volume was on a downward trend worldwide in 2013. However, while the overall volume may have decreased, the proportion of maliciously intended spam remained constant.

So we’re winning? Maybe?

Of all the web-based threats that undermine security, vulnerabilities in the Java programming language continue to be the most frequently exploited target by online criminals, according to Cisco data.

More:

Data from Sourcefire, now part of Cisco, also shows that Java exploits make up the vast majority (91 percent) of indicators of compromise (IoCs) that are monitored by Sourcefire’s FireAMP solution for advanced malware analysis and protection (Figure 12).

So should you disable Java? I think Borepatch would probably say “yes”. But this is also interesting:

90 percent of Cisco customers use a version of the Java 7 Runtime Environment, the most current version of the program. This is good from a security standpoint, since this version is likely to offer greater protection against vulnerabilities…
…However, Cisco TRAC/SIO research also shows that 76 percent of enterprises using Cisco solutions are also using the Java 6 Runtime Environment, in addition to Java 7.

JRE6 has been end-of-lifed and is no longer supported. I’m thinking the best practice here is:

A. Carefully evaluate your need for Java.
II. If you do need it, use the most current version.

At 43.8 percent, Andr/Qdplugin-A was the most frequently encountered mobile malware, according to Cisco TRAC/SIO research. Typical encounters were through repackaged copies of legitimate apps distributed through unofficial marketplaces.

“unofficial marketplaces”. You. Don’t. Say.

There’s a lot more in the report, including a brief discussion of Wireshark and Python tools for doing data analysis. I do commend it to your attention, even though my bias here is obvious.

Edited to add: left out one I intended to include.

In a recent project reviewing Domain Name Service (DNS) lookups originating from inside corporate networks, Cisco threat intelligence experts found that in every case, organizations showed evidence that their networks had been misused or compromised.
For example, 100 percent of the business networks analyzed by Cisco had traffic going to websites that host malware, while 92 percent show traffic to webpages without content, which typically host malicious activity. Ninety-six percent of the networks reviewed showed traffic to hijacked servers.

I ran across this on the Y Combinator Twitter yesterday, and thought I’d give FizzBuzz a shot. I’d estimate it took me just under 30 minutes to get the code you see here, which I believe “works”. Part of that time was taken up with assisting one of my cow orkers with a problem, though. An embarrassingly large chunk of that time was taken up by my having to look up the Perl syntax for “for”, “if”, and the modulo operator. I’m a bit rusty; the last time I wrote substantial Perl code was about a year ago (a Perl script that parses CSV data from a file and imports it into a SQL database).

As always, when I put stuff like this up, I welcome criticism or comment on how I could have done it better (or, in this case, “right” if I did it wrong). The way I see it, I can’t get any better if I don’t solicit and accept criticism.

Edited to add: I was going to upload a Python version that I wrote in (about) 20 minutes (I think). I keep planning to sit down and learn Python, but then somebody calls and wants to go riding bikes or whatever…anyway, I couldn’t paste that here and have it come out the way I wanted to, so I’ve uploaded it here. (I had to change the extension from “.py” to “.txt” because WordPress didn’t like “.py”.)

Here’s a link to the slides from Terrence Gareau’s “HF Skiddies Suck, Don’t Be One. Learn Some Basic Python” presentation. I’m not complaining, but be advised that this is a large download (620 MB ZIP file) with video and code examples. Also be advised that, based on a very brief preliminary skim of the file, there may be some NSFW material in the presentation. (Also not a complaint, but an observation.) I’d like to thank Mr. Gareau for making this available: his presentation is the only one in the “DEFCON 101” track that I’ve found so far.

Josh Brashars (who is a heck of a nice guy) and I have exchanged emails, and he’s graciously allowed me to temporarily host the version of his “Exploit Archaeology: Raiders of the Lost Payphones” presentation from the DEFCON 20 DVD. Of course, iDisk no longer exists (NOT that I’m BITTER or anything) and WCD’s hosting provider/WordPress implementation has a 10 MB file size limit, so I’m using Dropbox to host this file. Let me know if it doesn’t work.

“Breaking Wireless Encryption Keys”: I’m generally familiar with the how-to of breaking WEP, and the attacks against WPA. I keep meaning to set up a lab and do some WEP attacks, but I never get around to it (always something else going on), and I’ve never actually seen it done, so this panel intrigues me.

“Safes and Containers: Insecurity Design Excellence”: “…design issues that allow locks and safes to be opened in seconds, focusing on consumer-level containers that are specified as secure for storing valuables and weapons, and in-room hotel safes that travelers rely upon.” Enough said.

Saturday, we have a possible tie for this year’s “Hippie, PLEASE” panel:

“Hacking the Google TV”: This might be my only chance to see someone hack what, so far, has been a total failure.

Pretty much have to go to the closing ceremonies.

So that’s that. If anyone has any specific panel requests after looking over the posted schedule, let me know (by email or in the comments), and I’ll try to hit those events. Also, if anyone has any recommendations for new, cool, or interesting places to eat in Vegas, feel free to leave those in comments.

“DCFluX in: Moon-bouncer”. Looks like it could be a fun panel on alternative methods of communication in a critical situation, like moon-bounce (something I’ve heard of from the amateur radio community).

“Extreme Range RFID Tracking”. I haven’t gotten that deep into RFID hacking yet (though I might change that this year), but I’m interested in this long-range low-power radio device stuff. Also, this is one of two Padget talks I want to see.

School has wrapped up for the semester, at least for me. (Yes, I’m aware it is mid-October. Yes, I’m aware normal people are dealing with mid-terms. What can I say; that’s the way the St. Ed’s New College schedule worked out this time around.)

Now that I’ve got some free time, I can engage in some useful projects, like more Project e work (I’ve got a long multi-part post in the works that I hope to finish soon), updating the SDC pages, and perhaps some outside study.

Whipped Cream Difficulties is a production of Low Fat Heavy Industries, which is solely responsible for its contents.